* Prepare default values for MutatingWebhookConfiguration #691
* Add values.yaml values to injector-mutating-webhook.yaml #691
* Duplicate and deprecate top-level webhook settings and put them in a webhook object
* Made the new values default with the fallback to the old values.yaml
* Fix _helpers.tpl to support both old and new webhook annotations
* Add new tests and deprecate old ones for injector webhook configuration
* Old tests now work with old values.yaml
* Add all new fields showing that they have priority over old ones
* Add deprecation note to injector.failurePolicy #691
* Add some tests on top of #396
* convert server-route.yaml to unix newlines
* changelog
Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Fix test typo
* Add basic server-test Pod tests
- This covers all existing functionality that matches what's
present in server-statefulset.bats
* Fix server-test helm hook Pod rendering
- Properly adhere to the global.enabled flag and the presence of
the injector.externalVaultAddr setting, the same way that
the servers StatefulSet behaves
* Add volumes and env vars to helm hook test pod
- Uses the same extraEnvironmentVars, volumes and volumeMounts set on
the server statefulset to configure the Vault server test pod used by
the helm test hook
- This is necessary in situations where TLS is configured, but the
certificates are not affiliated with the k8s CA / part of k8s PKI
- Fixes GH-665
Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.
Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow if K8s version is less than 1.16.
Adds kubeAdmConfigPatches to the kind config to allow testing the CSI
provider on K8s versions prior to 1.21.
Updates the Secrets Store CSI driver to 1.0.0 in tests.
Makes the HA Vault tests more robust by waiting for all consul client
pods to be Ready, and waits with a timeout for Vault to start
responding as sealed (since the tests on GitHub runners were often
failing at that point).
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
* make staticSecretRenderInterval default to empty string
* update values schema to add staticSecretRenderInterval
* add test for default value
* adding changelog entry
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* fix(csi-ds): mountpoint-dir same mountpath in pod
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
* Update Chart.yaml
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
GKE's stable K8s version is now 1.19. Also adding VAULT_LICENSE_CI to
the `make test-acceptance` target to make it easier to run the
acceptance tests manually, and mentioned it in the test README.
Adds the leader-elector container support that was removed in
PR #568. The new vault-k8s uses an internal mechanism for leader
determination, so this is just for backwards compatibility, and can
be removed in the near future.
* mark the endpoint as deprecated
* add a new useContainer option for leaderElector
Default to not deploying the old leader-elector container, unless
injector.leaderElector.useContainer is `true`.
* add configurable values for providersDir and kubeletRootDir
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
